Add permission for instant apps creating foreground services Foreground services could potentially be abused to get around the lifecycle requirements of Instant Apps, so limit that behavior with a perission that will need to be granted by the installer. Test: Manually verified Change-Id: Ia162077971e914960ebdb8293a33faa8038ed850

commit: 97b383f5a57ed7d384de60c699ca072e6d1d5e95 [log] [tgz]
author: Chad Brubaker <cbrubaker@google.com> Thu Feb 02 15:04:35 2017 -0800
committer: Chad Brubaker <cbrubaker@google.com> Tue Feb 07 15:35:20 2017 -0800
tree: a16b5b4900ef57e3afa0f6f94e1e5ac9b1de1ecd
parent: 1e2758256a391be23c537725f0a7785e4fb5b7d0 [diff] [blame]
diff --git a/core/res/AndroidManifest.xml b/core/res/AndroidManifest.xml
index a6e43ff..6dd1f17 100644
--- a/core/res/AndroidManifest.xml
+++ b/core/res/AndroidManifest.xml

@@ -3247,6 +3247,10 @@
     <permission android:name="android.permission.MODIFY_THEME_OVERLAY"
                 android:protectionLevel="signature" />
 
+    <!-- Allows an instant app to create foreground services. -->
+    <permission android:name="android.permission.INSTANT_APP_FOREGROUND_SERVICE"
+        android:protectionLevel="signature|development|ephemeral|appop" />
+
     <application android:process="system"
                  android:persistent="true"
                  android:hasCode="false"
commit	97b383f5a57ed7d384de60c699ca072e6d1d5e95	[log] [tgz]
author	Chad Brubaker <cbrubaker@google.com>	Thu Feb 02 15:04:35 2017 -0800
committer	Chad Brubaker <cbrubaker@google.com>	Tue Feb 07 15:35:20 2017 -0800
tree	a16b5b4900ef57e3afa0f6f94e1e5ac9b1de1ecd
parent	1e2758256a391be23c537725f0a7785e4fb5b7d0 [diff] [blame]